Upgraded to 4.1 from 2.4 a short time ago… does the 4.x version track who is the parent process of a particular app? I have a couple apps in the blocked application policy but they can still start up firefox (in the web browser policy). Seems like in 2.4 I could block a specific parent app to prevent it from starting other (child) apps. Does that functionality still exist?
You can block programs from starting up other programs. Say you want to block program a from starting program b.
Go to Defense + → Advanced → Computer Security Policy → look up program a and select it → Edit → Access right → push the modify button and add program b to the Blocked Applications → when done Ok and Apply your way back to the main screen.
Notice that when D+ is in Safe Mode it will allow trusted applications to start other trusted applications without notification. If you don’t want that set D+ to Paranoid Mode.